Bump Go toolchain to 1.26.3 to address Snyk findings (#433)

twmb · web-flow · commit 4e5ca0cf2f31 · 2026-05-13T10:14:08.000+01:00
Fixes HIGH severity stdlib vulnerabilities: - CVE-2026-33811 Double Free in std/net (GO-2026-4981) - CVE-2026-39836 Uncaught Exception in std/net (GO-2026-4971) - CVE-2026-33814 Infinite loop in std/net/http (GO-2026-4918)
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/redpanda-data/benthos/v4
 
-go 1.26.1
+go 1.26.3
 
 require (
 	cuelang.org/go v0.16.1
